forked from TrueCloudLab/certificates
Rename method to IsChallengeEnabled
parent
c77b4ff9c5
commit
fd4e96d1f4
5 changed files with 33 additions and 34 deletions
|
@ -41,8 +41,8 @@ func (*fakeProvisioner) AuthorizeSign(ctx context.Context, token string) ([]prov
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (*fakeProvisioner) AuthorizeChallenge(ctx context.Context, challenge provisioner.ACMEChallenge) error {
|
func (*fakeProvisioner) IsChallengeEnabled(ctx context.Context, challenge provisioner.ACMEChallenge) bool {
|
||||||
return nil
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
func (*fakeProvisioner) AuthorizeRevoke(ctx context.Context, token string) error { return nil }
|
func (*fakeProvisioner) AuthorizeRevoke(ctx context.Context, token string) error { return nil }
|
||||||
|
|
|
@ -258,8 +258,7 @@ func newAuthorization(ctx context.Context, az *acme.Authorization) error {
|
||||||
prov := acme.MustProvisionerFromContext(ctx)
|
prov := acme.MustProvisionerFromContext(ctx)
|
||||||
az.Challenges = make([]*acme.Challenge, 0, len(chTypes))
|
az.Challenges = make([]*acme.Challenge, 0, len(chTypes))
|
||||||
for _, typ := range chTypes {
|
for _, typ := range chTypes {
|
||||||
// Make sure the challenge is enabled
|
if !prov.IsChallengeEnabled(ctx, provisioner.ACMEChallenge(typ)) {
|
||||||
if err := prov.AuthorizeChallenge(ctx, provisioner.ACMEChallenge(typ)); err != nil {
|
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
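Review bot: If the provisioner has every type in chTypes disabled, each iteration hits `continue` and az.Challenges stays empty, and nothing in this hunk reports that. The rest of newAuthorization is outside the hunk, so this may already be handled; if it is not, the authorization would be stored with no challenge a client could complete. A guard after the loop on `len(az.Challenges) == 0` that returns an error would make the misconfiguration visible instead of leaving a dead authorization. Now that the check returns a bool rather than an error, this call site is also the only place left that could log which challenge type was skipped.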
|
|
|
@ -71,7 +71,7 @@ type Provisioner interface {
|
||||||
AuthorizeOrderIdentifier(ctx context.Context, identifier provisioner.ACMEIdentifier) error
|
AuthorizeOrderIdentifier(ctx context.Context, identifier provisioner.ACMEIdentifier) error
|
||||||
AuthorizeSign(ctx context.Context, token string) ([]provisioner.SignOption, error)
|
AuthorizeSign(ctx context.Context, token string) ([]provisioner.SignOption, error)
|
||||||
AuthorizeRevoke(ctx context.Context, token string) error
|
AuthorizeRevoke(ctx context.Context, token string) error
|
||||||
AuthorizeChallenge(ctx context.Context, challenge provisioner.ACMEChallenge) error
|
IsChallengeEnabled(ctx context.Context, challenge provisioner.ACMEChallenge) bool
|
||||||
GetID() string
|
GetID() string
|
||||||
GetName() string
|
GetName() string
|
||||||
DefaultTLSCertDuration() time.Duration
|
DefaultTLSCertDuration() time.Duration
|
||||||
|
@ -110,7 +110,7 @@ type MockProvisioner struct {
|
||||||
MauthorizeOrderIdentifier func(ctx context.Context, identifier provisioner.ACMEIdentifier) error
|
MauthorizeOrderIdentifier func(ctx context.Context, identifier provisioner.ACMEIdentifier) error
|
||||||
MauthorizeSign func(ctx context.Context, ott string) ([]provisioner.SignOption, error)
|
MauthorizeSign func(ctx context.Context, ott string) ([]provisioner.SignOption, error)
|
||||||
MauthorizeRevoke func(ctx context.Context, token string) error
|
MauthorizeRevoke func(ctx context.Context, token string) error
|
||||||
MauthorizeChallenge func(Ctx context.Context, challenge provisioner.ACMEChallenge) error
|
MisChallengeEnabled func(Ctx context.Context, challenge provisioner.ACMEChallenge) bool
|
||||||
MdefaultTLSCertDuration func() time.Duration
|
MdefaultTLSCertDuration func() time.Duration
|
||||||
MgetOptions func() *provisioner.Options
|
MgetOptions func() *provisioner.Options
|
||||||
}
|
}
|
||||||
|
@ -148,11 +148,11 @@ func (m *MockProvisioner) AuthorizeRevoke(ctx context.Context, token string) err
|
||||||
}
|
}
|
||||||
|
|
||||||
// AuthorizeChallenge mock
|
// AuthorizeChallenge mock
|
||||||
func (m *MockProvisioner) AuthorizeChallenge(ctx context.Context, challenge provisioner.ACMEChallenge) error {
|
func (m *MockProvisioner) IsChallengeEnabled(ctx context.Context, challenge provisioner.ACMEChallenge) bool {
|
||||||
if m.MauthorizeChallenge != nil {
|
if m.MisChallengeEnabled != nil {
|
||||||
return m.MauthorizeChallenge(ctx, challenge)
|
return m.MisChallengeEnabled(ctx, challenge)
|
||||||
}
|
}
|
||||||
return m.Merr
|
return m.Merr == nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// DefaultTLSCertDuration mock
|
// DefaultTLSCertDuration mock
|
||||||
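Review bot: The doc comment above the renamed mock method still reads `// AuthorizeChallenge mock` on the new side and should become `// IsChallengeEnabled mock` to match the method name. The fallback `return m.Merr == nil` means a mock with no MisChallengeEnabled set reports every challenge type as enabled unless Merr is set. That matches the old nil-error default, but a short comment such as `// defaults to enabled unless Merr is set` would stop tests from relying on it by accident.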
|
|
|
@ -205,10 +205,10 @@ func (p *ACME) AuthorizeRenew(ctx context.Context, cert *x509.Certificate) error
|
||||||
return p.ctl.AuthorizeRenew(ctx, cert)
|
return p.ctl.AuthorizeRenew(ctx, cert)
|
||||||
}
|
}
|
||||||
|
|
||||||
// AuthorizeChallenge checks if the given challenge is enabled. By default
|
// IsChallengeEnabled checks if the given challenge is enabled. By default
|
||||||
// http-01, dns-01 and tls-alpn-01 are enabled, to disable any of them the
|
// http-01, dns-01 and tls-alpn-01 are enabled, to disable any of them the
|
||||||
// Challenge provisioner property should have at least one element.
|
// Challenge provisioner property should have at least one element.
|
||||||
func (p *ACME) AuthorizeChallenge(ctx context.Context, challenge ACMEChallenge) error {
|
func (p *ACME) IsChallengeEnabled(ctx context.Context, challenge ACMEChallenge) bool {
|
||||||
enabledChallenges := []ACMEChallenge{
|
enabledChallenges := []ACMEChallenge{
|
||||||
HTTP_01, DNS_01, TLS_ALPN_01,
|
HTTP_01, DNS_01, TLS_ALPN_01,
|
||||||
}
|
}
|
||||||
|
@ -217,8 +217,8 @@ func (p *ACME) AuthorizeChallenge(ctx context.Context, challenge ACMEChallenge)
|
||||||
}
|
}
|
||||||
for _, ch := range enabledChallenges {
|
for _, ch := range enabledChallenges {
|
||||||
if strings.EqualFold(string(ch), string(challenge)) {
|
if strings.EqualFold(string(ch), string(challenge)) {
|
||||||
return nil
|
return true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return fmt.Errorf("acme challenge %q is disabled", challenge)
|
return false
|
||||||
}
|
}
|
||||||
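Review bot: The doc comment on IsChallengeEnabled does not say what a false result covers, and with the `acme challenge %q is disabled` error removed the reason for a rejection is no longer carried anywhere. The tests in this commit suggest that device-attest-01 is off unless listed explicitly and that unknown types return false. Stating that would help, for example `// It reports false for any type not in the effective list; device-attest-01 is only enabled when configured explicitly.` The part of the body that applies the configured list lies between the two hunks and is not visible here, so the wording should be checked against it. The comment also refers to the "Challenge" property while the tests populate a field named `Challenges`.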
|
|
|
@ -242,7 +242,7 @@ func TestACME_AuthorizeSign(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestACME_AuthorizeChallenge(t *testing.T) {
|
func TestACME_IsChallengeEnabled(t *testing.T) {
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
type fields struct {
|
type fields struct {
|
||||||
Challenges []ACMEChallenge
|
Challenges []ACMEChallenge
|
||||||
|
@ -252,32 +252,32 @@ func TestACME_AuthorizeChallenge(t *testing.T) {
|
||||||
challenge ACMEChallenge
|
challenge ACMEChallenge
|
||||||
}
|
}
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
name string
|
name string
|
||||||
fields fields
|
fields fields
|
||||||
args args
|
args args
|
||||||
wantErr bool
|
want bool
|
||||||
}{
|
}{
|
||||||
{"ok http-01", fields{nil}, args{ctx, HTTP_01}, false},
|
{"ok http-01", fields{nil}, args{ctx, HTTP_01}, true},
|
||||||
{"ok dns-01", fields{nil}, args{ctx, DNS_01}, false},
|
{"ok dns-01", fields{nil}, args{ctx, DNS_01}, true},
|
||||||
{"ok tls-alpn-01", fields{[]ACMEChallenge{}}, args{ctx, TLS_ALPN_01}, false},
|
{"ok tls-alpn-01", fields{[]ACMEChallenge{}}, args{ctx, TLS_ALPN_01}, true},
|
||||||
{"fail device-attest-01", fields{[]ACMEChallenge{}}, args{ctx, "device-attest-01"}, true},
|
{"fail device-attest-01", fields{[]ACMEChallenge{}}, args{ctx, "device-attest-01"}, false},
|
||||||
{"ok http-01 enabled", fields{[]ACMEChallenge{"http-01"}}, args{ctx, "HTTP-01"}, false},
|
{"ok http-01 enabled", fields{[]ACMEChallenge{"http-01"}}, args{ctx, "HTTP-01"}, true},
|
||||||
{"ok dns-01 enabled", fields{[]ACMEChallenge{"http-01", "dns-01"}}, args{ctx, DNS_01}, false},
|
{"ok dns-01 enabled", fields{[]ACMEChallenge{"http-01", "dns-01"}}, args{ctx, DNS_01}, true},
|
||||||
{"ok tls-alpn-01 enabled", fields{[]ACMEChallenge{"http-01", "dns-01", "tls-alpn-01"}}, args{ctx, TLS_ALPN_01}, false},
|
{"ok tls-alpn-01 enabled", fields{[]ACMEChallenge{"http-01", "dns-01", "tls-alpn-01"}}, args{ctx, TLS_ALPN_01}, true},
|
||||||
{"ok device-attest-01 enabled", fields{[]ACMEChallenge{"device-attest-01", "dns-01"}}, args{ctx, DEVICE_ATTEST_01}, false},
|
{"ok device-attest-01 enabled", fields{[]ACMEChallenge{"device-attest-01", "dns-01"}}, args{ctx, DEVICE_ATTEST_01}, true},
|
||||||
{"fail http-01", fields{[]ACMEChallenge{"dns-01"}}, args{ctx, "http-01"}, true},
|
{"fail http-01", fields{[]ACMEChallenge{"dns-01"}}, args{ctx, "http-01"}, false},
|
||||||
{"fail dns-01", fields{[]ACMEChallenge{"http-01", "tls-alpn-01"}}, args{ctx, "dns-01"}, true},
|
{"fail dns-01", fields{[]ACMEChallenge{"http-01", "tls-alpn-01"}}, args{ctx, "dns-01"}, false},
|
||||||
{"fail tls-alpn-01", fields{[]ACMEChallenge{"http-01", "dns-01", "device-attest-01"}}, args{ctx, "tls-alpn-01"}, true},
|
{"fail tls-alpn-01", fields{[]ACMEChallenge{"http-01", "dns-01", "device-attest-01"}}, args{ctx, "tls-alpn-01"}, false},
|
||||||
{"fail device-attest-01", fields{[]ACMEChallenge{"http-01", "dns-01"}}, args{ctx, "device-attest-01"}, true},
|
{"fail device-attest-01", fields{[]ACMEChallenge{"http-01", "dns-01"}}, args{ctx, "device-attest-01"}, false},
|
||||||
{"fail unknown", fields{[]ACMEChallenge{"http-01", "dns-01", "tls-alpn-01", "device-attest-01"}}, args{ctx, "unknown"}, true},
|
{"fail unknown", fields{[]ACMEChallenge{"http-01", "dns-01", "tls-alpn-01", "device-attest-01"}}, args{ctx, "unknown"}, false},
|
||||||
}
|
}
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
p := &ACME{
|
p := &ACME{
|
||||||
Challenges: tt.fields.Challenges,
|
Challenges: tt.fields.Challenges,
|
||||||
}
|
}
|
||||||
if err := p.AuthorizeChallenge(tt.args.ctx, tt.args.challenge); (err != nil) != tt.wantErr {
|
if got := p.IsChallengeEnabled(tt.args.ctx, tt.args.challenge); got != tt.want {
|
||||||
t.Errorf("ACME.AuthorizeChallenge() error = %v, wantErr %v", err, tt.wantErr)
|
t.Errorf("ACME.AuthorizeChallenge() = %v, want %v", got, tt.want)
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
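Review bot: The failure message in the updated assertion still names the old method, so a failing case would print `ACME.AuthorizeChallenge()` for a call to IsChallengeEnabled. It should read `t.Errorf("ACME.IsChallengeEnabled() = %v, want %v", got, tt.want)`. The "ok …" / "fail …" case names now map to want true/false rather than to an error. That still reads correctly, but names like "disabled …" would describe the boolean result more directly.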
|
|